Description

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

Remediation

References

CVE-2008-1989

Related Vulnerabilities

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner 'mosmsg' and 'option' Parameters Cross-Site Scripting Vulnerabilities (3.0)

WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-0194)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0606)

Oracle Database Server CVE-2011-0785 Vulnerability (CVE-2011-0785)

Oracle JRE CVE-2018-2637 Vulnerability (CVE-2018-2637)

Severity

Critical

Classification

CVE-2008-1989 CWE-94

Tags

Missing Update Known Vulnerabilities